• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.39 no.4
• /
• pp.97-105
• /
• 2016

As information system is getting higher and amount of information assets is increasing, skills of threatening subjects are more advanced, so that it threatens precious information assets of ours. The purpose of this study is to present a strategic direction for the types of companies seeking access to information security. The framework classifies companies into eight types so company can receive help in making decisions for the development of information security strategy depending on the type of company it belongs to. Paired comparison method survey conducted by a group of information security experts to determine the priority and the relative importance of information security management elements. The factors used in the security response strategy are the combination of the information security international certification standard ISO 27001, domestic information protection management system certification K-ISMS, and personal information security management system certification PIMS. Paired comparison method was then used to determine strategy alternative priorities for each type. Paired comparisons were conducted to select the most applicable factors among the 12 strategic factors. Paired comparison method questionnaire was conducted through e-mail and direct questionnaire survey of 18 experts who were engaged in security related tasks such as security control, architect, security consulting. This study is based on the idea that it is important not to use a consistent approach for effective implementation of information security but to change security strategy alternatives according to the type of company. The results of this study are expected to help the decision makers to produce results that will serve as the basis for companies seeking access to information security first or companies seeking to establish new information security strategies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.885-895
• /
• 2019

As seen in recent cases of hacking in financial services, attackers are attempting to hacking trustee with poor security management, rather than directly hacking a financial company. As a result, the consignor is strengthening the security check and control of the trustee, but small trustee has difficulties to invest in information security with the lack of computer facilities and the excessive cost of security equipment. In this paper I investigate the vulnerability of personal information processing life cycle standards in order to enhance the security of small consignee that receive personal information form the credit card company. To solve the vulnerability the company should use litigation management system constructed on cloud computing service and install VPN to secure confidentiality and intergrity in data transfer section. Also, to enhance the security of users, it is suggested to protect personal credit information by installing PC firewall and output security on user PC.

• Korean Security Journal
• /
• no.16
• /
• pp.119-135
• /
• 2008

This study is concerned on how much effect to activate private security officers from the attitude of CEO in private security companies. Of course the philosophy of CEO at the work is much important element on the company activity. And in small-medium size private security company the effect of CEO is tremendous because most of decision making comes from CEO and company is operated. The result of the analysis of the survey on the CEO in private security business is as belows. a) Most of them are not satisfied and negative from current situation of private security industry because too many companies are scattered and the expected social understanding is too low even though the company was established by their own decision due to it was fit to their aptitude. b) The job position is estimated not high by socio-economical perspective, which would be improved to get higher because this industry is very future business. c) Most of members of the korea security association are in negative on the policy of the korea security association but to enhance of the activity all the members should be in union. d) Must make and settle down a channel to communicate and cooperate each other between public and private sector of security business.

• Korean Security Journal
• /
• no.34
• /
• pp.57-88
• /
• 2013

The study aims at identifying, through structure model, the relationship characteristics between a private security company and its service customer as well as the relationship between the service quality and the consumer behavior, thereby providing the practical services that may attract new customers and maintain the existing customers in the competition to survive in the same industry and also may raise the loyal customer base, providing academic fundamental data to set up aggressive relationship marketing strategies. To achieve such purposes above, the research was conducted with 229 subjects, the users of a private security company's service as the employees of the stores located in Cheonan area, using the convenience sampling. The data was treated, using the statistics program, SPSS Windows 18.0 Version for frequency analysis and reliability analysis. Additionally, the confirmative factor analysis and covariance structural analysis were made, using AMOS 18.0 Version. Through the data analysis following the research methods above, the conclusion was acquired as follows: First, the relationship characteristics of a private security company makes influence on service quality. Second, the service quality of a private security company makes influence on consumer behavior. Third, the relationship characteristics of a private security company makes influence on consumer behavior. Fourth, the service quality makes an influence as the mediate effect between the private security company's relationship characteristics and consumer behavior.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1309-1318
• /
• 2014

In the past few years, data leakage of information assets has become a prominent social issue. According to the National Industrial Security Center in South Korea, 71 percent who suffer from technology leakage are small and medium sized enterprises. Hence, establishment and operation of ISMS (Information Security Management System) for small and medium sized enterprises become an important issue. Since it is not easy to obtain ISMS certification for a small or medium sized enterprise by itself, consultation with an expert firm in information security is necessary before the security implementation. However, how to select a proper security consulting company for a small or medium sized firm has not been studied yet. In this study, we analyze empirically the selection factors of ISMS certification consulting company for a small or medium sized firm through exploratory factor analysis (EFA). Our study identified the following four important factors in selecting a security consulting company: expertise of the staffs and human resource management proficiency, market leading capability, competence to make progress during the consultation, and the performance and the size of the physical assets and human resources.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.317-320
• /
• 2016

In embedded system, if firmware code is opened by other company, must devise hardware copy prevention. That guard valuable product. Not used security IC, Suggested platform is source code open method that prevent core code and hardware copy. And that open firmware code for other company programmer. Suggest system security platform based on Corex-M3. that consist of IAP(In-application programing) and APP(Applicataion). IAP contain core code and security confirm code. APP is implement by other company developer using core function prototype.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.2
• /
• pp.53-61
• /
• 2019

In this paper, we propose 'a self - conformance system of convergence security provider' to provide basic data for security and reliability of convergence industrial technology, system and service. It is difficult to evaluate convergence security systems, limited to information and communication service providers, unable to check convergence security items, burden of submission documents, difficulty in measuring convergence security service level and we will summarize product and service-based requirements that can be integrated and systematically measure the level of convergence security and define renewed life cycle-based convergence security information and content security and assurance requirements. On the basis of this, each convergence security company declares conformity with the standard itself without the certification of the certification body, and introduces the provider conformity certification system which can manufacture and sell. This will enable the company to strengthen its competitiveness through timely launch and implementation of products and services and cost reduction.

• Korean Security Journal
• /
• no.60
• /
• pp.137-153
• /
• 2019

The private security industry in Korea has developed considerably with the development of economic growth and IT technology. The purpose of this study is to explore the development method of the freelance system for private security work based on the problems of the freelance system that CEO of the security company in the private security work field recognize. To accomplish the purpose of this study, we interviewed 3 professors and 6 CEO of the security company to analyze the data. They suggested the development of the freelance system of private security work as follows. First, the systematic management of freelance security guards is needed. Secondly, the training for the manager of the freelance security guards should be done. Third, a minimum wage compliance check is required. Fourth, the contents of freelance system should be added to the reality in accordance with the security law. Fifth, the social security system of freelance security guards should be improved. Sixth, the establishment of a freelance security guard cooperative is necessary.

• Journal of Internet Computing and Services
• /
• v.23 no.1
• /
• pp.49-68
• /
• 2022

The operation system of a shipping company is still maintaining the mainframe based terminal access environment or the client/server based environment. Nowadays shipping companies that try to migrate it into a web-based environment are increasing. However, in the transition, if the design is processed by the old configuration and knowledge without considering the characteristics of the web-based environment and shipping business, various security vulnerabilities will be revealed at the actual system operation stage, and system maintenance costs to fix them will increase significantly. Therefore, in the transition to a web-based environment, a security design must be carried out from the design stage to ensure system safety and to reduce security-related maintenance costs in the future. This paper examines the characteristics of various threat modeling techniques, selects suitable modeling technique for the operation system of a shipping company, applies data flow diagram and STRIDE threat modeling technique to shipping business, derives possible security threats from each component of the data flow diagram in the attacker's point of view, validates the derived threats by mapping them with attack library items, represents the attack tree having various attack scenarios that attackers can attempt to achieve their final goals, organizes into the checklist that has security check items, associated threats and security requirements, and finally presents 23 security requirements that can respond to threats. Unlike the existing general security requirements, the security requirements presented in this paper reflect the characteristics of shipping business because they are derived by analyzing the actual business of a shipping company and applying threat modeling technique. Therefore, I think that the presented security requirements will be of great help in the security design of shipping companies that are trying to proceed with the transition to a web-based environment in the future.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.53 no.6
• /
• pp.69-79
• /
• 2016

If the security incidents are occurred then, the company concentrates on the quick reaction to security incidents, reports the reason of incidents, it's problem, the result of measure to the top management team. There will be the case that actively finding problems and taking it's actions with linking the internal problems whenever external security incidents are occurred or that having only interest of problems at the moment. It is important that lasting the preventing action to prevent security incidents than not concentrating on only the security incidents are occurred. To do this, the systematical and consistent method for this should be provided. In this paper, we will provide a security incident forecast system. The security incident forecast system updates the incident induction factor which helping to forecast the potential security incidents on the database inferred from the direct security incidents which are occurred inside the company as well as the indirect security incidents which are occurred outside the company and makes interact with the incident experience and the measure process systematically. The security incident forecast system is the efficient measure about the potential security incidents in taking precaution.